I've just started the following list in order to promote development of good open-source tools to provide secure and alternate ways to create cryptocurrencies' wallets and addresses – specially the popular known tools entitled “Paper Wallet” and “Brainwallet”.

Great tools have been created all those past years by skilled programmers and by a community of dedicated volunteers. So I decided to create this list as means to promote a “healthy” competition among those programmers, so cryptocurrency users and all the related community can benefit from that.

4th) The project can't be a newer identical clone version of an (already existing other person's) older original app (it must have - at least - one reasonable innovation or add-on).

All parameters here are subject to change, this is a work in progress...

If you got an idea, share with us!

This is not meant to be an exhaustive list, just a compilation of similar projects and source of data for the community about development of those mentioned tools. This list will be updated frequently.

IMPORTANT STATEMENT: This List is offered without any warranty whatsoever; we do not guarantee the ideal operation or funcionality of no tool nor app mentioned here. No professional code auditing were performed by us. If you lose your coins using one or any of those tools, we are not to be blamed and we're not responsible for it. We'd be very sorry, but we cannot help you about that. Cryptocurrencies are new stuff yet, so many experiments are still in early stages. We also cannot guarantee any member's reliability and that your coins will be 100% safe 100% of the time (even in the future). This is just a simple list and a competition. Due diligence, research, revision, auditing is still necessary. Be smart and do your job. Use those tools/apps at your own risk!

About random passphrases:DO NOT create passphrases thinking that you (a human) can be naturally very random and generate good bits of entropy by your own will. Humans tend to be predictable in their behavior and in their actions (and reactions). Idioms and languages - which words are used most of the time as passphrases - are structured in a logical and sequential way. i.e. no randomness in any way. What I'm trying to explain here is that: "it's really a bad idea for people to come up with passphrases themselves". Suggestion: use Diceware. Use (at least) a group of twelve words.

About paper wallets:DO choose versions that use/allow true randomness methods (e.g. flipping a fair coin, rolling a fair dice, draw playing cards from shuffled decks, atmospheric noise measurements, etc) instead of pseudorandom machine methods for key generation. P.s. keep in mind that in general humans are not good at generating (decent bits of) entropy for passphrases and machines are not a good source of true randomness either, so you have to use "the best of both worlds" and avoid the worst cenario. Info: http://bit.ly/1PEOHoO & http://bitzuma.com/posts/bitcoin-paper-wallets-from-scratch

About change addresses:DO make sure you fully understand how change addresses work when dealing with brainwallets and paper wallets while spending your coins. When used correctly, change addresses help increasing privacy of cryptocurrencies. But also with this capability comes the potential for loss and theft when its use isn't completely understood. "To avoid potentially costly mistakes, familiarize yourself with change addresses and how your wallet software implements them". Beware while importing your single address' private key on different wallet softwares: "wallet developers can implement this feature in a number of ways". "Learn how to prevent and Recover from Change Address Disasters" reading this excellent article: http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses

About use of applications: DO NOT generate wallets nor addresses when conected to the Internet. Download the app, review the code, check the file's hashsum to verify it's the original file and only work with it in an air-gapped machine (use Live-DVD OS to help all the process) and never touch the net while doing it. Before sending funds to an address, it is recommended that you first check for compatibility of addresses generated by those apps by importing some of their private keys into the official (and most popular unofficial too) client. This can be done most of the time through the debug console using the "importprivkey" command. If you are able to successfully import keys, the tested generator/app is compatible.

About security paranoia:DO NOT consider yourself an InfoSec expert. If you think your coins are safe because you have an "ultimate unbreakable encryption scheme", you'd better think twice: https://xkcd.com/538/ P.s Reality is always tougher than we thought it might be.

2nd idea: And maybe we could add some additional pts for some additonal KDF algo iteration and/or extra rounds (over those recommended by standards).

P.s. for this one, I'll need some deeper research and estimate what are the standard numbers (of rounds/iterations of scrypt, bcrypt and PBKDF2) used to protect from brute-force attacks today and I'll estimate safer (higher) numbers considering the increase in brute-force attack strenght (GPU + ASIC) in the next (at least) 5 to 10 years. (BTW Do you have any numbers - for scrypt, bcrypt and PBKDF2 - in mind?)

With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?

In fact there's no guarantee at all. They're all free of warranty as you'll notice at their websites.

As a pratical measure, the guarantee is the open-source code that is accessible to you to review it so that you can be assured that the app runs client-side only and is expected that you will be a smart guy that will run it offline in an air-gapped machine and will come up with VERY GOOD security measurements.

Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.

Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.

I guess we'll adopt your approach in some way: "score them (KDFs) on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt".

I'll just need some time to think about a fair way in order to compare different types of KDFs (scrypt, bcrypt, PBKDF2) and their respective "spot instance cracking cost" or some estimation of those values.

coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out. That being said, the next version will allow the user to select a bunch of different algorithms.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

That being said, the next version will allow the user to select a bunch of different algorithms.

This is possibly an unpopular opinion, but offering a bunch of security choices that most people don't really understand isn't actually a good thing. What I would suggest is using WarpWallet's scheme with the salt *required* and a strong recommendation that a random passphrase be used (provide a generator). You could also provide a "classic brainwallet" option with a warning that makes it clear that it's very weak and should only be used to sweep old brainwallets.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.

Yes, I was talking about Google Analytics. If I were a bad person and could get one SSL certificate for any site of my choosing, it would be Google Analytics - it's a super high value target because of how widely used it is.

Cloudflare is also a tremendously high value target, but I doubt arguing against it would get very far.

I think you miss understood why coinb.in was created, its primary a learning tool, a way to deal with multisig and build and sign raw transactions, because of this I'd be greatful if you can remove it from this list. I don't see any point in being involved in this discussion as coinb.in is being treated as a brain wallet, when its not! its much more than that and your scoring system doesn't take this into account.

For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32/HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and sign transactions. Further more can you even create and sign a transaction with the other sites listed or is it purely for address generation? as i beleive all the sites listed except coinb.in have no way to actually build a transaction and spend the funds. I could go on and on and on.

For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32 and HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and create and sign transactions. Can you create and sign a transaction with the other sites listed or is it purely for address generation? I could go on and on and on.

Brainwallets are now compared only with Brainwallets and the same goes for Paper wallets.

P.s. Although the main feature will be considered (Paper wallet OR Brainwallet) in order to fill the list, warnings may apply when there are security issues found in multigenerators (Paper wallet + Brainwallet).

Multisignature projects have been removed until I find a good way to compare them.

"Client-side" and "Offline Use" criterions were incorporated to "Security".